Blockchain after the hype — Part 1

Dr. ir Johannes Drooghaag
9 min read · Dec 12, 2019

Two years ago I delivered my first webinar “Blockchain beyond the Hype” and since then many webinars, keynotes and publications followed. And of course regular posts on Social Media focusing on downplaying the enormous hype around blockchain and offering a realistic view on what it is and what it isn’t.

Now 2 years later we can finally say that the big hype is over and reality is settling in, albeit slowly. Much of what blockchain was said to be hasn’t materialized and even more of what blockchain was going to solve has not and will not happen. Simply because blockchain is technology and like any other technology, it depends on application and adoption.

Beyond the Hype became After the Hype, and several articles will follow to have a closer look at the current state of affairs in Blockchain. In this first article, the focus is on the flavors of Blockchain as they have developed since the first sighting in the wild.

The purest and most widespread form of public blockchain continues to be the countless variations of crypto currencies, with Bitcoin and Ethereum as the big dogs on the block. Decentralization, distributed ledger and encryption are the foundation of public blockchain platforms, and form their core strengths and weaknesses.

Decentralization means that there is no controlling body involved in the platform, which is seen (and overexposed) as a strength, although it is also a clear weakness. The lack of authority over what is placed on the blockchain as ‘technical truth’ will continue to keep people and organizations from using public blockchain platforms as a common source to store and retrieve information. ‘Whoever comes first is telling the truth’ isn’t a mechanism that will see mass adoption. On the other hand, there is a clear strength in that there isn’t a single instance determining the ‘technical truth’ and thus having a monopoly over the truth by simply owning the infrastructure.

Encryption in times of hacks and data breaches is a key benefit of blockchain platforms and security by design is an unbeatable strength. Nothing comes close to what (public) blockchain platforms offer with encryption and security as part of the data itself, from the moment it enters the chain. Although it isn’t as unhackable as many tried to make us believe, it is still the closest thing to unhackable currently available.

However, there is a downside which comes from the combination of encryption and consensus protocols, which together ensure the ‘technical truth’ on the blockchain. The network for a public blockchain must be big enough so that (theoretically) nobody is able to take over the network by simply adding more nodes than the network currently has. This resilience by numbers leads to unsustainable energy and resource consumption, which by far exceeds anything we can afford in a time where we should focus on energy and resource efficiency, and protecting our environment. In addition to this, the validation of all data blocks on the blockchain is done by all the nodes on the network, after which it is maintained by all the nodes on the network.

This leads to the biggest weakness of public blockchain platforms once they reach the size which is resilient against hostile takeovers of the network: the low pace and high costs of transactions. What a platform like VISA does in a busy hour doesn’t fit in the combined capacity of all crypto currency platforms, and VISA does that at a fraction of the transaction costs including a fraction of the energy consumption.

As mentioned, public blockchains aren’t as unhackable as they are advocated to be. Attack vectors are rarely focused on the encrypted data on the chain itself. Entry points and interfaces, like wallets and exchanges, are a much easier target. Even propagation of malicious nodes in the network has been successfully pulled off. An attack vector we will see spreading in the future is the result of the fact that blockchain is software, and software needs updates to include new features and patches for discovered vulnerabilities. Once those public blockchain platforms become more established beyond the early adopters and high-stake stakeholders, this kind of software will start suffering from unpatched nodes and segmentation between versions.

A flavor of blockchain that offers all the benefits of public blockchains but replaces decentralization with centralization is commonly known as private blockchain. In this variation there is a central body or authority that owns the blockchain and decides which nodes can join the infrastructure and which data can be stored on the blockchain. Although there are many variations available and being tested, most of them have in common that there is a distributed ledger and encryption, in combination with a less complicated consensus protocol.

The biggest challenge for these private blockchains is the security of the endpoints, interfaces and infrastructure itself. Once an endpoint is under control of a hacker, the authorization that this endpoint has for the blockchain is also under the control of the cyber criminal.

Theoretically, these private blockchains are less vulnerable to attacks by outsiders. In reality, those blockchains run on the same infrastructure and networks as normal IT operations do, and we are all aware of the number of companies and (governmental) organizations that fall victim to hacks and ransomware.

The most widespread application for private blockchain now and in the near future will be governments which are seeking ways to make data available along the chain of organizations and at the same time seek to eliminate redundant data storage and maintenance. Private blockchain platforms offer this combination when legacy systems are adapted to use the blockchain ledger as the single data backbone for the common shared information. The cost and complexity of these adaptations and the creation of interfaces between systems will however lead to longer delays and a longer wait for ROI.

Attack vectors will be the poorly secured endpoints and interfaces, and in the (near) future the tendency of governmental organizations to completely lack an aggressive security and patching policy.

Enterprise blockchains are a special variation of private blockchains and mainly used by large enterprises and even consortia of enterprises. The main difference between private blockchains and enterprise blockchains is that the authority of the blockchain also owns the entire infrastructure and in most cases selects a commercial blockchain product and platform.

We will see Enterprise Blockchain implementations mainly in complex Supply Chain situations, like for example the automotive industry. Other industries where transparency is becoming a strong demand from the consumers, like fashion and food, are also testing enterprise blockchain platforms with several successful (small scale) implementations. Transparency is a strong benefit of blockchain in any form but with a clear restriction. The ‘technical truth’ on the ledger does not automatically mean that the data itself is accurate. The ledger only ensures that the data is shared among all nodes and all participants work with the same technical truth. A company which supplies the fashion industry can still certify that it doesn’t use any kind of child labor itself, while several of their suppliers do. Just to mention a radical example of what still happens in the industry without blockchain and what will not change just by implementing blockchain…
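The two limits described above (a controlled endpoint carries its authorization with it, and ‘technical truth’ is not accuracy) can be shown with a minimal permissioned hash chain. This is an added example, not code from the article or from any blockchain product; HMAC tags stand in for per-endpoint signatures, and the endpoint names, keys and claims are constructed.

```python
import hashlib, hmac, json

# Constructed endpoint keys; HMAC stands in for per-endpoint signatures.
ENDPOINT_KEYS = {"supplier-a": b"constructed-key-a", "auditor-b": b"constructed-key-b"}
GENESIS = "0" * 64

def _digest(prev_hash, endpoint, payload):
    body = json.dumps([prev_hash, endpoint, payload], sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(chain, endpoint, payload, key):
    """Append a block authorised with whatever key the caller holds."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    block_hash = _digest(prev_hash, endpoint, payload)
    tag = hmac.new(key, block_hash.encode(), hashlib.sha256).hexdigest()
    chain.append({"prev": prev_hash, "endpoint": endpoint,
                  "payload": payload, "hash": block_hash, "tag": tag})

def verify(chain):
    """Return the index of the first inconsistent block, or -1 if none."""
    prev_hash = GENESIS
    for i, block in enumerate(chain):
        key = ENDPOINT_KEYS.get(block["endpoint"])
        if key is None:
            return i
        expected = _digest(prev_hash, block["endpoint"], block["payload"])
        tag = hmac.new(key, expected.encode(), hashlib.sha256).hexdigest()
        if (block["prev"] != prev_hash or block["hash"] != expected
                or not hmac.compare_digest(tag, block["tag"])):
            return i
        prev_hash = expected
    return -1

def demo():
    chain = []
    append(chain, "auditor-b", {"claim": "audit completed"}, ENDPOINT_KEYS["auditor-b"])
    # A false statement, validly authorised: the ledger cannot tell.
    append(chain, "supplier-a", {"claim": "no child labor at our suppliers"},
           ENDPOINT_KEYS["supplier-a"])
    # Written by whoever controls supplier-a's endpoint and therefore its key.
    append(chain, "supplier-a", {"claim": "shipment certified"},
           ENDPOINT_KEYS["supplier-a"])
    consistent = verify(chain)            # all three blocks are 'technical truth'
    chain[1]["payload"]["claim"] = "edited after the fact"
    tampered_at = verify(chain)           # later modification is detected
    return consistent, tampered_at

if __name__ == "__main__":
    print(demo())
```

Verification only proves that each block was authorised with a known endpoint key and has not changed since; whether the claim is true, and who was actually at the endpoint, has to be established by controls outside the ledger.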

Enterprise Blockchain platforms have the benefit over all other variations that the authority over the chain also has the power of command over the infrastructure, and can ensure that all required security measures are taken. This doesn’t mean that they will, but at least the propagation of patches and policies is significantly easier to manage and execute.

An example of Enterprise Blockchain which has long left the test-bed stage is IBM’s Blockchain Platform, which in combination with IBM’s LinuxONE is seen as the Fort Knox of Enterprise Blockchain. https://www.ibm.com/blockchain/platform

Attack vectors for Enterprise Blockchain will mainly be the entry points and interfaces, just like with the other flavors. Less likely but still to be considered is exploitation of an unpatched vulnerability in the platform itself. Since most Enterprise Blockchain platforms have no public entry points and interfaces, there are multiple layers of security in place. Although still not the ‘guaranteed unhackable blockchain’, the likelihood of a hack of an Enterprise Blockchain Platform is the lowest of all variations.

Scaling blockchain is a flavor of a public and private hybrid which is growing in popularity. In a scaling blockchain platform there is a wide mix of blockchain-based projects which all join in a single blockchain. This allows smaller projects, which by themselves would never be able to build a public network large enough to be resilient against hostile takeovers, to join a network which is resilient through the combination of many projects on a single chain.

There are many variations out there but only a few have actually been able to grow beyond the pilot and now offer full production-grade platforms. And those that made it are the future of blockchain for all those who do not want to risk losing control over their chain but also do not want to build their own Enterprise Blockchain and infrastructure.

A great example of a platform that can be used to build and maintain Scaling Blockchain is Hyperledger. https://www.hyperledger.org/

Another example which has the potential to become a major player in all flavors including scaling blockchains is the Credits platform: https://credits.com/

We will see scaling blockchains in many areas, especially in those cases where validation and transparency are important but the trade or registration of high value assets is not required. Think for example about patches for firmware of devices, where the devices don’t have the capacity to become an active node in a blockchain network but a scaling blockchain platform can offer a secure way to distribute patches and validate both the devices and the patches. An example of this use case is: https://www.asvin.io/

There will be many situations in the future where various flavors and ‘brands’ of blockchain will need to collaborate or at least co-exist. A clear example of this is the so-called smart city, in which different kinds of blockchain will enter the eco-sphere. The governmental organization of a smart city will for example have a private blockchain. Shops could have a local crypto currency, which they interface to other crypto platforms and conventional banks. Real estate owners can have a blockchain platform to register their accommodations, reservations and tenants. Energy providers trade locally generated power with external sources and book buying and selling by and with their customers on a blockchain platform.

The list of potential blockchain applications is endless and due to the many different requirements and parties involved it is very unlikely that these will all be mapped on a single blockchain platform. With the current ‘show case’ status of smart cities it is however very likely that blockchain platforms will play a major role in the registration of data and assets, services and products.

The biggest weakness and most likely attack vector of hybrid blockchain platforms is the complexity of the integration. Some experts even suggest that the only way to secure a hybrid blockchain platform for e.g. a smart city with blockchain-grade resilience is to create an Enterprise Blockchain platform for the integration of all the blockchains involved. This makes one wonder what the actual benefit over an Enterprise Grade data infrastructure is…


Dr. ir Johannes Drooghaag

Dad, consultant, coach, speaker, author. Mainly Cyber Security, leadership, responsible tech and organizational change. https://johannesdrooghaag.com